Public bug reported: if running on a FIPS system I get:
+ uvt-kvm create --memory 2048 --cpu 4 --disk 16 --password=ubuntu bionic-kvm release=bionic arch=amd64 label=daily Warning: using --password from the command line is not secure and should be used for debugging only. DSA keys are not allowed in FIPS mode^M Traceback (most recent call last): File "/usr/bin/uvt-kvm", line 35, in <module> uvtool.libvirt.kvm.main_cli_wrapper(sys.argv[1:]) File "/usr/lib/python2.7/dist-packages/uvtool/libvirt/kvm.py", line 861, in main_cli_wrapper main(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/uvtool/libvirt/kvm.py", line 856, in main args.func(parser, args) File "/usr/lib/python2.7/dist-packages/uvtool/libvirt/kvm.py", line 643, in main_create ssh_host_keys, ssh_known_hosts = uvtool.ssh.generate_ssh_host_keys() File "/usr/lib/python2.7/dist-packages/uvtool/ssh.py", line 50, in generate_ssh_host_keys _keygen(key_type, private_path) File "/usr/lib/python2.7/dist-packages/uvtool/ssh.py", line 34, in _keygen '-C', 'root@localhost' File "/usr/lib/python2.7/subprocess.py", line 190, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['ssh-keygen', '-q', '-f', '/tmp/uvt-kvm.sshtmpVhmPlF/dsa', '-N', '', '-t', 'dsa', '-C', 'root@localhost']' returned non-zero exit status 255 I also was told that elliptic curves are disallowed. Could we switch the default to the common RSA to make this work in a FIPS environment? ** Affects: uvtool (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1936473 Title: DSA keys are not allowed in FIPS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/uvtool/+bug/1936473/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs